Top Posts, the Lemming,
and Other Stuff

Tuesday, October 6, 2009

Phishing, Common Sense, and 'The Public's Right to Know'

"Password Scam Widens To Google, Yahoo"
SkyNews, via FOXNews (October 6, 2009)

"The scale of the phishing attack on Hotmail could stretch further than first thought, with accounts on Google and Yahoo now threatened.

"Microsoft confirmed on Monday that the popular email site had been the target of a scam which tricked users into revealing their passwords. This led to around 10,000 passwords being posted online.

"The computer company said their servers were not responsible for the security breach and that individuals had been conned into handing over their details. But it has been reported that more lists have also been circulated with genuine account information relating to email on Google, Yahoo, Comcast and Earthlink, as well as other third-party web mail services.

"Neil O'Neil, an ethical hacker and digital forensics investigator at secure payments specialist The Logic Group, said up to a million passwords could have been accessed.

" 'Making the breach public so soon after the attack occurred has allowed unethical hackers to access the passwords very easily, even though they were deleted a couple of days ago at the request of Microsoft,' he explained...."

As a rule, I approve of prompt publication of pertinent information about a scam.

In this case, I can see how it might not have been the best idea.

I can afford, personally, to be a bit flippant about this particular scam.

[Neil O'Neil said] "...'People tend to have the same password across many accounts - so there is a good chance that individuals have also compromised the integrity of their ebay or paypal accounts too....'..."

I've got the same kind of password across many accounts: it's a word that you won't find in a dictionary, but that I can remember fairly easily, a number sequence that's also easy for me to remember, and another word that's different for each account - but follows a mnemonic pattern that involves whatever website, service, or company I'm dealing with.

Vague? You bet! I am not going to describe in detail what my security arrangements are, in an open post like this. I also don't send my credit card information in emails, give my passwords to people who ask for them, or leave the keys to my house on a nail in the siding by the front door.

I've been called 'paranoid' - but that I can live with. I think of it as more a matter of informed caution.
at

No comments:

Post a Comment

Thanks for your comment!